For compliance purposes, I need to ensure that successful and failed logins are being logged. I know Red Hat Linux logs all logins by default. Where is that logging configured? How can I prove to an auditor that login logging hasn't been disabled? I'm using Red Hat Enterprise Linux 7.
A little more information: most users log in via SSH. Administrators have console access. We use Centrify to connect our systems to Active Directory.